Gå til hovedinnhold

Found a security issue?

At Nordnet we strive to make our systems secure, and we value the security community. Responsible disclosure of security vulnerabilities by researchers, helps us ensure the security and privacy of our users. We strive to deliver high quality services that are as secure as possible, although as in any complex system, sometimes new or previously undetected weaknesses or vulnerabilities can be discovered. If you have found a security flaw we encourage you to contact us; would like to hear about any issue in order to be able to address it.

How do you report?

Contact us via email at security@nordnet.se in the first instance. If necessary we can then setup a secure communication channel.  When sending in a report please make sure that you have included the following information:

  • Your contact details.

  • An explanation of the vulnerability with details about the domain, location and type of vulnerability. Please help us to reproduce the problem.

  • If applicable, a screenshot of the vulnerability you have found.

What do we expect of you?

It is important for us, our customers and our partners security that you follow good practice, namely that:

  • We expect that you don’t abuse our services.

  • Do not use the vulnerability to remove or modify data.

  • Do not jeopardise the availability of the services.

  • Give us the opportunity to fix any reported vulnerability before disclosing it publicly.

  • Do not try and gain a material advantage through the vulnerability you have discovered.

  • Do not attempt to discover vulnerabilities via attacks on physical security, social engineering, distributed denial of service or spam/phishing.

  • Please do provide sufficient information to reproduce the problem, so that we will be able to resolve it as quickly as possible. 

What can you expect of us?

  • We will do our best to get back to you as soon as possible, with a confirmation that we have received your report and keep you updated while we work on the issue.

  • If you have met the expectations set out above, an individual reporting a vulnerability in good faith will not be unduly penalized or subjected to any legal action by us in regard to the report.

  • We will keep you informed of the progress towards resolving the problem.

  • In any public information issued by Nordnet concerning the problem reported, we will credit you as the discoverer of the problem (unless you desire otherwise).